header logo
Back to blog

How Landspítali Gained Critical Cybersecurity Visibility

July 4, 2025

Industry: Healthcare 
Challenge: Lack of visibility into their external exposure, limited security resources, and legacy systems. 
Results: Continuous monitoring, user exposure detection, and support for NIS2 compliance.

Landspitali logo on an off-white background

About Landspítali

Landspítali is Iceland's national hospital, operating across 100+ buildings and 16 locations. While relatively small on a global scale, its digital infrastructure is highly complex, covering everything from patient care to administration, all of which require the best cybersecurity possible. 

The cybersecurity challenges of the national hospital

Like many healthcare institutions, Landspítali faces the challenge of clinical staff focusing on patient care with little care for cybersecurity. But ransomware or system failures can impact that care in an instant. Additionally, they heavily rely on digital systems, deal with a lot of sensitive data, and fall under critical infrastructure subject to multiple compliance requirements. 

Limited visibility and resources

The cybersecurity team, led by Auður Ester Guðlaugsdóttir (Team Lead of Operations and Infrastructure) and Guðjón Hauksson (System Administrator) share with us that, until recently, they had limited resources and budget to conduct critical and comprehensive security assessments across all hospital operations. This resulted in performing external scans manually and inconsistently, leaving them completely “blind” to their external attack surface. 

Image of a blonde woman in a circle with a quote.

The IT operations and infrastructure team are also responsible for all operations, covering Iceland’s entire hospital needs. In addition to treating patients, these operations include extensive management and administrative functions. They were also dealing with inherited systems—some with poor security practices—active development of web portals and applications, and vulnerable contractor-built sites.

Gap in their former security stack

Establishing security partnerships with Syndis for their SOC (security operations center) services and other services from Defend Iceland was a step in the right direction, but it wasn’t enough. They still had limited visibility into their external exposure, including user exposure such as leaked credentials and online account usage. 

This left a critical gap in their security coverage. 

The solution

Their struggles to get internal recognition and funding for security from the top were finally alleviated when a new CTO joined the team in 2022. He introduced them to Aftra and they immediately saw the value. They also found it to be the only product out there that could provide insight both into their external attack surface and user exposure. 

Headshot of a man in a circle with a quote

Aftra implementation

Landspítali began to implement Aftra in 2023 and immediately recognized its value in addressing their blind spots. It provided them with: 

  • Comprehensive monitoring of internet-facing assets across their infrastructure.
  • The unique ability to identify compromised user credentials.
  • Replacing manual external scans.
  • The perfect alignment with their vision for comprehensive security.

Choosing Aftra also supported the hospital’s commitment to local innovation.

Key Aftra features used 

  • External vulnerability management automatically discovers and assesses internet-facing assets across all domains and accounts and flags vulnerabilities associated with them.
  • Employee digital footprint detects where users use their work accounts online and if passwords have been leaked.
  • Security campaigns provide awareness initiatives for users to understand where they use their work accounts online and how that poses a risk to the organization.
  • Dashboard reports allow them to track important security information and show progress to leadership. 

“Aftra’s new Executive Security Reports will allow us to gather as much information as possible in a presentable package and show progress.” -Guðjón Hauksson, System Administrator 

The results from implementing Aftra

The team at Landspítali saw immediate benefits and measurable results from implementing Aftra.

The immediate impact included:

  • Insight into their attack surface including understanding their organizational and employee footprint.
  • Increased operational efficiency and manual processes.
  • Executive involvement in security, resulting in increased knowledge and awareness.
  • Support for NIS2 compliance.

Measurable outcomes

  • Security score tracking: Aftra provides them with a tangible security score, which benchmarks them against other customers. Their current security score is 74, but they set a goal of reaching 80.
  • Improved user security: They can see where users use their work email accounts online, identify if their password has been in a breach, and remediate the issues, while simultaneously educating users on security best practices.
  • Leadership engagement: Aftra enables them to regularly report to management and executives on their security status in a way that they can understand.
  • Compliance support: The enhanced documentation provided by Aftra helps them with regulatory requirements including NIS2.

Key success factors

  • A security-focused CTO brought visibility and buy-in from leadership.
  • Clear communication of cyber risks in healthcare terms including threats posed to patient care.
  • Choosing a solution that complemented their existing stack and focused on proactive, continuous security.
  • Strategic partnerships through Aftra and Syndis.

Realistic expectations and continuous improvement

They recognize that their cybersecurity journey requires continuous evolution to stay ahead. Achieving 100% cybersecurity is not realistic, instead their goal is to have the most comprehensive coverage possible to make them a less attractive target for hackers. 

"If our security strategy effectively covers key areas and limits our exposure as much as possible, it’s less likely that an attacker sees us as a worthwhile target compared to organizations with more vulnerabilities." -Guðjón Hauksson, System Administrator 

Aftra enables them to focus on where they stand versus trying to achieve “absolute security” and support them in their on-going effort to reduce their attack surface and keep their footprint as small as possible.

From reactive to proactive security

By implementing Aftra, Landspítali successfully transformed their approach to external security management and became proactive. The solution provided unique capabilities that complemented their existing security partnerships, while delivering the visibility and reporting needed to engage C-level leadership and support NIS2 compliance efforts.

“If you don’t have the ear of the top leadership, nothing will happen.” -Auður Guðlaugsdóttir, Team Lead Operations and Infrastructure

Ready to shed light on your external exposure?

Schedule a demo.

Latest blogs

March 26, 2024

The Importance of Activating Incident Response

March 13, 2025

Why you shouldn’t put all your trust in IT consultancies for cybersecurity

March 20, 2024

What is EASM and how does it work?

blog

Newsletter Signup

Interested in getting the latest cybersecurity insights direct in your inbox?

Sign Up